def import_users(self):
"""Imports users from all the configured LDAP plugins into OGDS.
"""
session = create_session()
# Set all SQL users inactive first - the ones still contained in the LDAP
# will be set active again below (in the same transaction).
for user in session.query(User):
user.active = 0
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
uid_attr = self._get_uid_attr(ldap_userfolder)
ldap_util = ILDAPSearch(ldap_userfolder)
ldap_users = ldap_util.get_users()
for ldap_user in ldap_users:
dn, info = ldap_user
# Ignore users without an UID in LDAP
if not uid_attr in info:
continue
userid = info[uid_attr]
# Skip users with uid longer than SQL 'userid' column
# FIXME: Increase size of SQL column to 64
if len(userid) > 30:
continue
if not self.user_exists(userid):
# Create the new user
user = User(userid)
session.add(user)
else:
# Get the existing user
user = session.query(User).filter_by(userid=userid).first()
# Iterate over all SQL columns and update their values
columns = User.__table__.columns
for col in columns:
if col.name == 'userid':
# We already set the userid when creating the user
# object, and it may not be called the same in LDAP as
# in our SQL model
continue
value = info.get(col.name)
# We can't store sequences in SQL columns. So if we do get a multi-valued field
# to be stored directly in OGDS, we treat it as a multi-line string and join it.
if isinstance(value, list) or isinstance(value, tuple):
value = ' '.join([str(v) for v in value])
setattr(user, col.name, value)
# Set the user active
user.active = 1
logger.info("Imported user '%s'..." % userid)
session.flush()
def import_users(self):
"""Imports users from all the configured LDAP plugins into OGDS.
"""
session = create_session()
# Set all SQL users inactive first - the ones still contained in the LDAP
# will be set active again below (in the same transaction).
for user in session.query(User):
user.active = 0
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
uid_attr = self._get_uid_attr(ldap_userfolder)
ldap_util = ILDAPSearch(ldap_userfolder)
ldap_users = ldap_util.get_users()
for ldap_user in ldap_users:
dn, info = ldap_user
# Ignore users without an UID in LDAP
if not uid_attr in info:
continue
userid = info[uid_attr]
# Skip users with uid longer than SQL 'userid' column
# FIXME: Increase size of SQL column to 64
if len(userid) > 30:
continue
if not self.user_exists(userid):
# Create the new user
user = User(userid)
session.add(user)
else:
# Get the existing user
user = session.query(User).filter_by(userid=userid).first()
# Iterate over all SQL columns and update their values
columns = User.__table__.columns
for col in columns:
if col.name == 'userid':
# We already set the userid when creating the user
# object, and it may not be called the same in LDAP as
# in our SQL model
continue
value = info.get(col.name)
# We can't store sequences in SQL columns. So if we do get a multi-valued field
# to be stored directly in OGDS, we treat it as a multi-line string and join it.
if isinstance(value, list) or isinstance(value, tuple):
value = ' '.join([str(v) for v in value])
setattr(user, col.name, value)
# Set the user active
user.active = 1
logger.info("Imported user '%s'..." % userid)
session.flush()
def migrate(self):
# Add a temp secretary id column to meetings
new_secretary_id = Column('new_secretary_id', String(USER_ID_LENGTH),
ForeignKey(User.userid))
self.op.add_column('meetings', new_secretary_id)
# Populate temp secretary column - user if match else new inactive user
meetings_table = table(
'meetings',
column('id'),
column('secretary_id'),
column('new_secretary_id'),
)
meetings = self.connection.execute(meetings_table.select()).fetchall()
for meeting in meetings:
if meeting.secretary_id:
member = Member.query.get(meeting.secretary_id)
if member:
user = User.query.filter(
User.firstname == member.firstname,
User.lastname == member.lastname).first()
if not user:
# We have to create an inactive user for the member
userid = uuid4().hex
user = User(userid)
user.active = False
user.firstname = member.firstname
user.lastname = member.lastname
user.email = member.email
self.session.add(user)
self.session.flush()
self.execute(meetings_table.update().values(
new_secretary_id=user.userid).where(
meetings_table.columns.id == meeting.id))
# Drop old secretary column
self.op.drop_column('meetings', 'secretary_id')
# Rename temp secretary column
self.op.alter_column('meetings',
'new_secretary_id',
new_column_name='secretary_id')
def migrate(self):
# Add a temp secretary id column to meetings
new_secretary_id = Column('new_secretary_id', String(USER_ID_LENGTH), ForeignKey(User.userid))
self.op.add_column('meetings', new_secretary_id)
# Populate temp secretary column - user if match else new inactive user
meetings_table = table(
'meetings',
column('id'),
column('secretary_id'),
column('new_secretary_id'),
)
meetings = self.connection.execute(meetings_table.select()).fetchall()
for meeting in meetings:
if meeting.secretary_id:
member = Member.query.get(meeting.secretary_id)
if member:
user = User.query.filter(User.firstname == member.firstname, User.lastname == member.lastname).first()
if not user:
# We have to create an inactive user for the member
userid = uuid4().hex
user = User(userid)
user.active = False
user.firstname = member.firstname
user.lastname = member.lastname
user.email = member.email
self.session.add(user)
self.session.flush()
self.execute(
meetings_table.update()
.values(new_secretary_id=user.userid)
.where(meetings_table.columns.id == meeting.id)
)
# Drop old secretary column
self.op.drop_column('meetings', 'secretary_id')
# Rename temp secretary column
self.op.alter_column('meetings', 'new_secretary_id', new_column_name='secretary_id')
def __call__(self):
form = self.request.form
session = create_session()
policy_id = form['policy']
client_registry = getUtility(IClientConfigurationRegistry)
config = client_registry.get_policy(policy_id)
# drop sql tables
if form.get('first', False) and config.get('purge_sql', False):
self.drop_sql_tables(session)
ext_profiles = list(EXTENSION_PROFILES)
if config.get('base_profile', None):
ext_profiles.append(config.get('base_profile'))
# create plone site
site = addPloneSite(
self.context,
form['client_id'],
title=form['title'],
profile_id=_DEFAULT_PROFILE,
extension_ids=ext_profiles,
setup_content=False,
default_language=config.get('language', 'de-ch'),
)
# ldap
stool = getToolByName(site, 'portal_setup')
if form.get('ldap', False):
stool = getToolByName(site, 'portal_setup')
stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap'))
# Configure credentials from JSON file at
# ~/.opengever/ldap/{hostname}.json
configure_ldap_credentials(site)
acl_users = getToolByName(site, 'acl_users')
plugins = acl_users.plugins
# disable source_groups when using ldap
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'source_groups')
except KeyError:
pass
# deactivate recursive groups
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'recursive_groups')
except KeyError:
pass
# move ldap up
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
if form.get('first', False) and form.get('import_users', False):
print '===== SYNC LDAP ===='
class Object(object):
pass
# Import LDAP users and groups
options = Object()
options.site_root = '/' + form['client_id']
options.update_syncstamp = False
sync_ldap.run_import(self.context, options)
if form.get('configsql'):
# register the client in the ogds
# is the client already configured? -> delete it
clients = session.query(Client).filter_by(
client_id=form['client_id']).all()
if clients:
session.delete(clients[0])
# groups must exist
users_groups = session.query(Group).filter_by(
groupid=form['group'])
inbox_groups = session.query(Group).filter_by(
groupid=form['inbox_group'])
try:
users_group = users_groups[0]
except IndexError:
raise SetupError("User group '%s' could not be found." %
form['group'])
try:
inbox_group = inbox_groups[0]
except IndexError:
raise SetupError("Inbox group '%s' could not be found." %
form['inbox_group'])
active = bool(form.get('active', False))
client = Client(form['client_id'],
enabled=active,
title=form['title'],
ip_address=form['ip_address'],
site_url=form['site_url'],
public_url=form['public_url'],
)
client.users_group = users_group
client.inbox_group = inbox_group
session.add(client)
# create the admin user in the ogds if he not exist
# and add it to the specified user_group
# so we avoid a constraintError in the choice fields
if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0:
og_admin_user = User(ADMIN_USER_ID, firstname='OG',
lastname='Administrator', active=True)
session.add(og_admin_user)
else:
og_admin_user = session.query(User).filter_by(
userid=ADMIN_USER_ID).first()
og_admin_user.active = True
users_group = session.query(Group).filter_by(
groupid=form['group']).first()
if og_admin_user not in users_group.users:
users_group.users.append(og_admin_user)
# set the client id in the registry
client_id = form['client_id'].decode('utf-8')
registry = getUtility(IRegistry)
proxy = registry.forInterface(IClientConfiguration)
proxy.client_id = form['client_id'].decode('utf-8')
# set the mail domain in the registry
registry = getUtility(IRegistry)
proxy = registry.forInterface(IMailSettings)
proxy.mail_domain = form['mail_domain'].decode('utf-8')
mail_from_address = self.get_mail_from_address()
site.manage_changeProperties({'email_from_address': mail_from_address,
'email_from_name': client_id})
# set global Member role for the client users group
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['group'])
# set global Member role for readers group
if form['reader_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['reader_group'])
# set Role Manager role for rolemanager group
if form['rolemanager_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Role Manager', form['rolemanager_group'])
# provide the repository root for opengever.setup:default
repository_root = config.get('repository_root', None)
if repository_root:
self.request.set('repository_root', repository_root)
# import the defaul generic setup profiles if needed
stool = getToolByName(site, 'portal_setup')
for profile in config.get('additional_profiles', ()):
stool.runAllImportStepsFromProfile('profile-%s' % profile)
# set the site title
site.manage_changeProperties(title=form['title'])
# REALLY set the language - the plone4 addPloneSite is really
# buggy with languages.
langCP = getAdapter(site, ILanguageSelectionSchema)
langCP.default_language = 'de-ch'
# the og_admin_user is not longer used so we set him to inactive
og_admin_user.active = False
return 'ok'
def import_users(self):
"""Imports users from all the configured LDAP plugins into OGDS.
"""
session = create_session()
# Set all SQL users inactive first - the ones still contained in the
# LDAP will be set active again below (in the same transaction).
for user in session.query(User):
user.active = False
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
uid_attr = self._get_uid_attr(ldap_userfolder)
ldap_util = ILDAPSearch(ldap_userfolder)
logger.info(u'Users base: %s' % ldap_userfolder.users_base)
logger.info(u'User filter: %s' % ldap_util.get_user_filter())
ldap_users = ldap_util.get_users()
for ldap_user in ldap_users:
dn, info = ldap_user
# Ignore users without an UID in LDAP
if uid_attr not in info:
continue
userid = info[uid_attr]
userid = userid.decode('utf-8')
# Skip users with uid longer than SQL 'userid' column
if len(userid) > USER_ID_LENGTH:
logger.warn(u"Skipping user '{}' - "
u"userid too long!".format(userid))
continue
if not self.user_exists(userid):
# Create the new user
user = User(userid)
session.add(user)
else:
# Get the existing user
try:
user = self.get_sql_user(userid)
except MultipleResultsFound:
# Duplicate user with slightly different spelling
# (casing, whitespace, ...) that may not be considered
# different by the SQL backend's unique constraint.
# We therefore enforce uniqueness ourselves.
logger.warn(
u"Skipping duplicate user '{}'!".format(userid))
continue
# Iterate over all SQL columns and update their values
columns = User.__table__.columns
for col in columns:
if col.name == 'userid':
# We already set the userid when creating the user
# object, and it may not be called the same in LDAP as
# in our SQL model
continue
value = info.get(col.name)
# We can't store sequences in SQL columns. So if we do get
# a multi-valued field to be stored directly in OGDS, we
# treat it as a multi-line string and join it.
if isinstance(value, list) or isinstance(value, tuple):
value = ' '.join([str(v) for v in value])
if isinstance(value, str):
value = value.decode('utf-8')
# Truncate purely descriptive user fields if necessary
if isinstance(col.type, String):
if value and len(value) > col.type.length:
logger.warn(u"Truncating value %r for column %r "
u"(user: %r)" %
(value, col.name, userid))
value = value[:col.type.length]
setattr(user, col.name, value)
# Set the user active
user.active = True
logger.info(u"Imported user '{}'".format(userid))
session.flush()
def __call__(self):
form = self.request.form
session = create_session()
policy_id = form['policy']
client_registry = getUtility(IClientConfigurationRegistry)
config = client_registry.get_policy(policy_id)
# drop sql tables
if form.get('first', False) and config.get('purge_sql', False):
self.drop_sql_tables(session)
ext_profiles = list(EXTENSION_PROFILES)
if config.get('base_profile', None):
ext_profiles.append(config.get('base_profile'))
# create plone site
site = addPloneSite(
self.context,
form['client_id'],
title=form['title'],
profile_id=_DEFAULT_PROFILE,
extension_ids=ext_profiles,
setup_content=False,
default_language=config.get('language', 'de-ch'),
)
# ldap
stool = getToolByName(site, 'portal_setup')
if form.get('ldap', False):
stool = getToolByName(site, 'portal_setup')
stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap'))
# Configure credentials from JSON file at
# ~/.opengever/ldap/{hostname}.json
configure_ldap_credentials(site)
acl_users = getToolByName(site, 'acl_users')
plugins = acl_users.plugins
# disable source_groups when using ldap
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'source_groups')
except KeyError:
pass
# deactivate recursive groups
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'recursive_groups')
except KeyError:
pass
# move ldap up
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
if form.get('first', False) and form.get('import_users', False):
print '===== SYNC LDAP ===='
class Object(object):
pass
# Import LDAP users and groups
options = Object()
options.site_root = '/' + form['client_id']
options.update_syncstamp = False
sync_ldap.run_import(self.context, options)
if form.get('configsql'):
# register the client in the ogds
# is the client already configured? -> delete it
clients = session.query(Client).filter_by(
client_id=form['client_id']).all()
if clients:
session.delete(clients[0])
# groups must exist
users_groups = session.query(Group).filter_by(
groupid=form['group'])
inbox_groups = session.query(Group).filter_by(
groupid=form['inbox_group'])
try:
users_group = users_groups[0]
except IndexError:
raise SetupError("User group '%s' could not be found." %
form['group'])
try:
inbox_group = inbox_groups[0]
except IndexError:
raise SetupError("Inbox group '%s' could not be found." %
form['inbox_group'])
active = bool(form.get('active', False))
client = Client(
form['client_id'],
enabled=active,
title=form['title'],
ip_address=form['ip_address'],
site_url=form['site_url'],
public_url=form['public_url'],
)
client.users_group = users_group
client.inbox_group = inbox_group
session.add(client)
# create the admin user in the ogds if he not exist
# and add it to the specified user_group
# so we avoid a constraintError in the choice fields
if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0:
og_admin_user = User(ADMIN_USER_ID,
firstname='OG',
lastname='Administrator',
active=True)
session.add(og_admin_user)
else:
og_admin_user = session.query(User).filter_by(
userid=ADMIN_USER_ID).first()
og_admin_user.active = True
users_group = session.query(Group).filter_by(
groupid=form['group']).first()
if og_admin_user not in users_group.users:
users_group.users.append(og_admin_user)
# set the client id in the registry
client_id = form['client_id'].decode('utf-8')
registry = getUtility(IRegistry)
proxy = registry.forInterface(IClientConfiguration)
proxy.client_id = form['client_id'].decode('utf-8')
# set the mail domain in the registry
registry = getUtility(IRegistry)
proxy = registry.forInterface(IMailSettings)
proxy.mail_domain = form['mail_domain'].decode('utf-8')
mail_from_address = self.get_mail_from_address()
site.manage_changeProperties({
'email_from_address': mail_from_address,
'email_from_name': client_id
})
# set global Member role for the client users group
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['group'])
# set global Member role for readers group
if form['reader_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['reader_group'])
# set Role Manager role for rolemanager group
if form['rolemanager_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Role Manager', form['rolemanager_group'])
# provide the repository root for opengever.setup:default
repository_root = config.get('repository_root', None)
if repository_root:
self.request.set('repository_root', repository_root)
# import the defaul generic setup profiles if needed
stool = getToolByName(site, 'portal_setup')
for profile in config.get('additional_profiles', ()):
stool.runAllImportStepsFromProfile('profile-%s' % profile)
# set the site title
site.manage_changeProperties(title=form['title'])
# REALLY set the language - the plone4 addPloneSite is really
# buggy with languages.
langCP = getAdapter(site, ILanguageSelectionSchema)
langCP.default_language = 'de-ch'
# the og_admin_user is not longer used so we set him to inactive
og_admin_user.active = False
return 'ok'
def import_users(self):
"""Imports users from all the configured LDAP plugins into OGDS.
"""
session = create_session()
# Set all SQL users inactive first - the ones still contained in the
# LDAP will be set active again below (in the same transaction).
for user in session.query(User):
user.active = False
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
uid_attr = self._get_uid_attr(ldap_userfolder)
ldap_util = ILDAPSearch(ldap_userfolder)
logger.info(u"Users base: %s" % ldap_userfolder.users_base)
logger.info(u"User filter: %s" % ldap_util.get_user_filter())
ldap_users = ldap_util.get_users()
for ldap_user in ldap_users:
dn, info = ldap_user
# Ignore users without an UID in LDAP
if uid_attr not in info:
continue
userid = info[uid_attr]
userid = userid.decode("utf-8")
# Skip users with uid longer than SQL 'userid' column
if len(userid) > USER_ID_LENGTH:
logger.warn(u"Skipping user '{}' - " u"userid too long!".format(userid))
continue
if not self.user_exists(userid):
# Create the new user
user = User(userid)
session.add(user)
else:
# Get the existing user
try:
user = self.get_sql_user(userid)
except MultipleResultsFound:
# Duplicate user with slightly different spelling
# (casing, whitespace, ...) that may not be considered
# different by the SQL backend's unique constraint.
# We therefore enforce uniqueness ourselves.
logger.warn(u"Skipping duplicate user '{}'!".format(userid))
continue
# Iterate over all SQL columns and update their values
columns = User.__table__.columns
for col in columns:
if col.name == "userid":
# We already set the userid when creating the user
# object, and it may not be called the same in LDAP as
# in our SQL model
continue
value = info.get(col.name)
# We can't store sequences in SQL columns. So if we do get
# a multi-valued field to be stored directly in OGDS, we
# treat it as a multi-line string and join it.
if isinstance(value, list) or isinstance(value, tuple):
value = " ".join([str(v) for v in value])
if isinstance(value, str):
value = value.decode("utf-8")
setattr(user, col.name, value)
# Set the user active
user.active = True
logger.info(u"Imported user '{}'".format(userid))
session.flush()
